PT-2021-19880 · Shopware · Shopware

Shyim · Published 2021-06-24 · Updated 2022-10-25 · CVE-2021-32716

CVSS v3.1: 4.4 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.1.1

Description: The admin API exposed some internal hidden fields when an association was loaded through a to-many reference. Users are recommended to update to version 6.4.1.1. The update to 6.4.1.1 can be obtained regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Recommendations: For versions prior to 6.4.1.1, update to version 6.4.1.1. For older versions of 6.1, 6.2, and 6.3, install the corresponding security plugin to mitigate the issue. As a temporary workaround, consider restricting access to the admin API until the update is applied.
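The bug class the description names (hidden fields filtered on the root entity but leaking through nested to-many associations) is easy to see in a small serializer. The following is an added illustration, not Shopware's code: the entity, the field names in HIDDEN_FIELDS and the sample record are all constructed, and the flawed and fixed serializers are generic stand-ins for an API response layer. The leaked_fields helper is the kind of check a defender can run over a captured API response to confirm whether a fix actually covers nested associations.

```python
# Constructed illustration of hidden-field leakage through to-many
# associations. Not Shopware's code; all names and data are assumptions.

# Constructed set of fields the API is supposed to never return.
HIDDEN_FIELDS = {"password", "internal_note"}

# Constructed entity with a to-one association (manufacturer) and a
# to-many association (reviews), each carrying a hidden field.
SAMPLE_PRODUCT = {
    "id": "p1",
    "name": "Widget",
    "internal_note": "supplier margin 40%",
    "manufacturer": {"id": "m1", "name": "Acme", "internal_note": "net-30 terms"},
    "reviews": [
        {
            "id": "r1",
            "text": "Great",
            "customer": {"id": "c1", "email": "a@example.com", "password": "<hash>"},
        }
    ],
}


def serialize_top_level_only(entity):
    """Flawed pattern: strips hidden fields on the root entity only.

    Anything loaded as an association keeps its hidden fields because the
    filter is never applied below the first level.
    """
    return {k: v for k, v in entity.items() if k not in HIDDEN_FIELDS}


def serialize_recursive(value):
    """Fixed pattern: apply the same filter at every nesting level,
    descending through both dicts (to-one) and lists (to-many)."""
    if isinstance(value, dict):
        return {
            k: serialize_recursive(v)
            for k, v in value.items()
            if k not in HIDDEN_FIELDS
        }
    if isinstance(value, list):
        return [serialize_recursive(v) for v in value]
    return value


def leaked_fields(payload, path=""):
    """Return dotted paths of every hidden field present in a response.

    Useful as a regression check on a captured API response: an empty list
    means the filter reached every association.
    """
    found = []
    if isinstance(payload, dict):
        for k, v in payload.items():
            child = f"{path}.{k}" if path else k
            if k in HIDDEN_FIELDS:
                found.append(child)
            else:
                found.extend(leaked_fields(v, child))
    elif isinstance(payload, list):
        for i, v in enumerate(payload):
            found.extend(leaked_fields(v, f"{path}[{i}]"))
    return found


if __name__ == "__main__":
    print("flawed :", leaked_fields(serialize_top_level_only(SAMPLE_PRODUCT)))
    print("fixed  :", leaked_fields(serialize_recursive(SAMPLE_PRODUCT)))
```

Running the block shows the flawed serializer leaking the manufacturer note and the customer password hash two levels down inside the reviews list, while the recursive serializer returns no leaked paths. The same leaked_fields check works on real JSON responses once HIDDEN_FIELDS is set to the fields your own schema marks as internal.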

Fix

Incorrect Authorization

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-32716
GHSA-68V9-3JJQ-RVP4
GHSA-GPMH-G94G-QRHR

Affected Products

Shopware